Well, even option a) is a bit far-fetched, considering it's a hard-coded element of the browser/image viewer (unlike, say, an ActiveX control in IE, which is just in a way an application layer). There's always a way to use an exploit, of course, but then the best way to transmit that would be through an html file with javascript/java code that would contain a JPEG, but not through the JPEG itself. My point is, there's a way to do it of course, but it's so incredibly complex (well, not that much from my POV, but generally) that it just wouldn't be a good way to do it. People who write viruses either do it for a) the challenge, b) to get noticed, or c) because it's incredibly easy to do. 95% of the viruses out there are c), thanks to programs like Virus Lab (oh, the fun I had with that in high school). B) are mostly the ones that get around - like the Kournikova virus, or Melissa or 9/11 or whatnot. A)'s are the ones to 'look out' for, except those people don't usually spread their code, and even if they did, the complexity of transmitting a virus through JPEG files is too high to even be worth the effort. Of course, the best way to effectively do it would be to somehow alter the main HTML files of major web sites (Yahoo, eBay, CNN, etc) to contain ActiveX or Java controls to run an off-server ASP file to somehow modify hard-coded instruction sets in the browser or offline image viewers, and then attach malicious code to JPEGs here and there.. which would most likely be a detected intrusion and stopped first of all, or if it's not, it would be noticed by a lot of people who have their security levels in IE set to anything other than 'everything allowed' (which is most people). So it just wouldn't catch on. As for your b), well, those are still very early on. Altamira and others use them for their resizing software, and the source code to those things are usually very well protected. Until vector-based graphics really catch on on the web in 'true form' (as opposed to Flash-contained and equivalents, since they kinda fit in that category), I wouldn't worry about that. And hey, I don't just put the blame on CNN. McAfee, Symantec and others are just as guilty.. though on the other hand they're just looking after their own profit margin. I tend to respect anyone who can actually make a living, but that's probably because I live somewhere where I'm incredibly overtaxed. grin probably doesn't make much sense right now But that's ok, it's late and I'm tired and just catching up on tonight's posts before going to bed. Hopefully it made -some-. :P =DarkPen=